There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency while you're on their site. But once you close the browser window, the CPU thieves lose access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.
According to the blog published by Malwarebytes, the crypto-miners open a hidden browser window that sits behind the Task Bar and clock on your computer, hidden from view but still siphoning CPU cycles and power from your computer.
Malwarebytes says the window is placed at a horizontal position of your current screen x resolution minus 100 pixels and a vertical position of your current screen y resolution minus 40 pixels. In other words, well out of view but still active.
The technique is able to bypass most ad-blockers and runs from a crypto-mining engine hosted by AWS - who I assume will take action to block them once they are fully aware of what's going on. At least I hope that's the case.
As far as stopping this goes, Malwarebytes says it's not easy as the technique used is able to bypass most normal protections. If you suspect your CPU is running a little harder than usual (there are utilities for putting CPU usage in a more visible place than the Windows Task Manager), take a look for any browser windows that shouldn't be there and kill them.
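The check for browser windows that shouldn't be there can be done mechanically from window coordinates. The following is an added example, not code from Malwarebytes or from this article: it flags browser windows that have almost no area inside the visible work area above the taskbar. The `Window` record, the browser process list, the 5% threshold and the sample data are assumptions constructed for illustration; on a real system the rectangles would come from the operating system's window enumeration.

```python
from dataclasses import dataclass

# Process names treated as browsers (assumed list for this example).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

@dataclass
class Window:
    process: str
    title: str
    x: int        # left edge in screen coordinates
    y: int        # top edge in screen coordinates
    width: int
    height: int

def visible_fraction(win, work_w, work_h):
    """Fraction of the window's area that lies inside the work area.

    Assumes one monitor whose work area starts at (0, 0) and whose
    taskbar sits along the bottom edge, below work_h.
    """
    if win.width <= 0 or win.height <= 0:
        return 0.0
    overlap_w = max(0, min(win.x + win.width, work_w) - max(win.x, 0))
    overlap_h = max(0, min(win.y + win.height, work_h) - max(win.y, 0))
    return (overlap_w * overlap_h) / (win.width * win.height)

def find_hidden_browser_windows(windows, work_w, work_h, threshold=0.05):
    """Return browser windows with less than `threshold` of their area visible."""
    return [w for w in windows
            if w.process.lower() in BROWSERS
            and visible_fraction(w, work_w, work_h) < threshold]

# Constructed sample: 1920x1080 screen with a 40-pixel taskbar (work area 1920x1040).
SCREEN_W, SCREEN_H, TASKBAR_H = 1920, 1080, 40
SAMPLE = [
    Window("chrome.exe", "News - Google Chrome", 100, 50, 1200, 800),
    # Positioned as the article describes: (x resolution - 100, y resolution - 40).
    Window("chrome.exe", "", SCREEN_W - 100, SCREEN_H - 40, 300, 200),
    Window("firefox.exe", "Docs", 0, 0, 1920, 1080),      # maximised, mostly visible
    Window("notepad.exe", "notes.txt", 1900, 1070, 400, 300),  # not a browser
]

if __name__ == "__main__":
    for w in find_hidden_browser_windows(SAMPLE, SCREEN_W, SCREEN_H - TASKBAR_H):
        print(f"hidden browser window: {w.process} at ({w.x}, {w.y})")
```
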
The blog entry also notes some IP addresses and sites that seem to be associated with this technique. They are:
- 126.96.36.199,yourporn[.]sexy,Adult site
- 188.8.131.52,elthamely[.]com,Ad Maven popunder
- 184.108.40.206,d3iz6lralvg77g[.]cloudfront.net,Advertiser's launchpad
- 220.127.116.11,hatevery[.]info,Cryptomining site